-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.5116
                       python-django security update
                              17 October 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           python-django
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-41323 CVE-2022-36359 CVE-2022-34265
                   CVE-2022-28347 CVE-2022-28346 CVE-2022-23833
                   CVE-2022-22818

Original Bulletin:
   http://www.debian.org/security/2022/dsa-5254

Comment: CVSS (Max):  9.8* CVE-2022-34265 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD, [Red Hat]
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
         * Not all CVSS available when published

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5254-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 15, 2022                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2022-22818 CVE-2022-23833 CVE-2022-28346 CVE-2022-28347
                 CVE-2022-34265 CVE-2022-36359 CVE-2022-41323
Debian Bug     : 1004752 1009677 1014541

Multiple security issues were found in Django, a Python web development
framework, which could result in denial of service, SQL injection or
cross-site scripting.

For the stable distribution (bullseye), these problems have been fixed in
version 2:2.2.28-1~deb11u1.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================